"Designing and implementing malicious hardware"
Jacob Appelbaum
jacob at appelbaum.net
Thu Apr 24 21:58:41 EDT 2008
Perry E. Metzger wrote:
> A pretty scary paper from the Usenix LEET conference:
>
> http://www.usenix.org/event/leet08/tech/full_papers/king/king_html/
>
> The paper describes how, by adding a very small number of gates to a
> microprocessor design (small enough that it would be hard to notice
> them), you can create a machine that is almost impossible to defend
> against an attacker who possesses a bit of secret knowledge. I suggest
> reading it -- I won't do it justice with a small summary.
>
> It is about the most frightening thing I've seen in years -- I have no
> idea how one might defend against it.
>
"Silicon has no secrets."
I spent last weekend in Seattle and Bunnie (of XBox hacking fame/Chumby)
gave a workshop with Karsten Nohl (who recently cracked MiFare).
In a matter of an hour, all of the students were able to take a
selection of a chip (from an OK photograph) and walk through the
transistor layout to describe the gate configuration. I was surprised
(not being an EE person by training) at how easy it can be to understand
production hardware. Debug pads, automated masking, etc. Karsten has
written a set of MatLab extensions that he used to automatically
describe the circuits of the mifare devices. Automation is key though, I
think doing it by hand is the path of madness.
If we could convince (this is the hard part) companies to publish what
they think their chips should look like, we'd have a starting point.
Perhaps,
Jacob
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list